From 3f12d02a3aeb71cc0e38a07223415a2332f35e4be9f789c4a2ebe40aff3881a0 Mon Sep 17 00:00:00 2001
From: Kristyna Streitova <kstreitova@suse.com>
Date: Fri, 12 Oct 2018 13:10:11 +0000
Subject: [PATCH] Accepting request 641688 from
 home:kstreitova:branches:Archiving

- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
  list.c [bsc#1110194]

- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
  list.c [bsc#1110194]

OBS-URL: https://build.opensuse.org/request/show/641688
OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=51
---
 unzip-rcc.changes                 |  6 ++++++
 unzip-rcc.spec                    |  2 ++
 unzip.changes                     |  6 ++++++
 unzip.spec                        |  2 ++
 unzip60-cfactorstr_overflow.patch | 35 +++++++++++++++++++++++++++++++
 5 files changed, 51 insertions(+)
 create mode 100644 unzip60-cfactorstr_overflow.patch

diff --git a/unzip-rcc.changes b/unzip-rcc.changes
index 41990b0..0a4caad 100644
--- a/unzip-rcc.changes
+++ b/unzip-rcc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
+
+- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
+  list.c [bsc#1110194]
+
 -------------------------------------------------------------------
 Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
 
diff --git a/unzip-rcc.spec b/unzip-rcc.spec
index 2e838c1..d7c26f9 100644
--- a/unzip-rcc.spec
+++ b/unzip-rcc.spec
@@ -59,6 +59,7 @@ Patch18:        CVE-2014-9913.patch
 Patch19:        CVE-2018-1000035.patch
 Patch20:        Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:        unzip60-total_disks_zero.patch
+Patch22:        unzip60-cfactorstr_overflow.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends:     %{_name}-doc
@@ -104,6 +105,7 @@ functionality. This version can also extract encrypted archives.
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \
diff --git a/unzip.changes b/unzip.changes
index 41990b0..0a4caad 100644
--- a/unzip.changes
+++ b/unzip.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
+
+- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
+  list.c [bsc#1110194]
+
 -------------------------------------------------------------------
 Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
 
diff --git a/unzip.spec b/unzip.spec
index 84b319b..248366e 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -59,6 +59,7 @@ Patch18:        CVE-2014-9913.patch
 Patch19:        CVE-2018-1000035.patch
 Patch20:        Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:        unzip60-total_disks_zero.patch
+Patch22:        unzip60-cfactorstr_overflow.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends:     %{_name}-doc
@@ -104,6 +105,7 @@ functionality. This version can also extract encrypted archives.
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \
diff --git a/unzip60-cfactorstr_overflow.patch b/unzip60-cfactorstr_overflow.patch
new file mode 100644
index 0000000..4df83dd
--- /dev/null
+++ b/unzip60-cfactorstr_overflow.patch
@@ -0,0 +1,35 @@
+--- unzip60/list.c	
++++ unzip60/list.c	
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
++    char sgn, cfactorstr[1+10+1+1];	/* <sgn><int>%NUL */
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
+             }
+ #else /* !WINDLL */
+             if (cfactor == 100)
+-                sprintf(cfactorstr, LoadFarString(CompFactor100));
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+             else
+-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+             if (longhdr)
+                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
+ 
+ #else /* !WINDLL */
+         if (cfactor == 100)
+-            sprintf(cfactorstr, LoadFarString(CompFactor100));
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+         else
+-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+         if (longhdr) {
+             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),